Most of the global software population is engaged in modifying existing applications rather than writing new software applications. It is common for a software product owner to outsource the sustenance work of their product to third party vendors. However, outsourcing requires sharing the source code of software that may contain a wide array of proprietary knowledge and trade secrets. Out of all, source code of software is the key asset which internally contains proprietary knowledge which may be easily reused. Only protection mechanism that exists today is through legal process such as Non-Disclosure Agreements (NDA). Typically, the product owners engage third party vendors by signing an NDA or some legal agreement that binds the third party vendors to further ensure the security and integrity of the source code and other proprietary knowledge from being leaked.
The other manner of enforcing the security and protecting the source code from possible infringement by the third party vendors is to either work in a resource augmented mode where the vendor would supply resources who would work from product owner's premise or the vendors would connect to the product owner's network (through VPN, etc.) and have access to the source code where the network security of the parent domain will enforce the security. Even though the above mentioned methods are tested and widely used process to ensure the security of source code. The methods expose the entire source code to the vendors/third-party with possible probability of leakages in some or the other form.